

Odd vbc.exe command prompt at startup

This is a discussion on Odd vbc.exe command prompt at startup within the Virus/Trojan/Spyware Help forums, part of the Tech Support Forum category.


Old 12-24-2015, 11:02 AM   #1
Registered Member
 
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64



Greetings and Happy Holidays.

For a while now I have been seeing this command prompt at startup. I can barely catch it, but once I was able to take a screenshot of it and see what it is.


I see that others had this vbc.exe problem before, but I haven't seen anyone with it existing in the Temp file.

I assume it's a virus because it's not where it should be, though VirusTotal says it can be totally trusted.

Here is the DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 8.0.7600.16385
Run by Sorin at 20:42:22 on 2015-12-24
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.1432 [GMT 2:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
E:\steam\Steam.exe
E:\steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
E:\steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_235.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
uRun: [HostProcess] C:\Users\Sorin\AppData\Roaming\HostProcess\OFFICE~2.EXE
uRun: [HKCU] C:\Users\Sorin\AppData\Local\Temp\vbc.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
StartupFolder: C:\Users\Sorin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\shadow.lnk - C:\Users\Sorin\AppData\Local\Temp\dxrpdiag.vbs
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SRSPRE~1.LNK - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: NameServer = 193.231.252.1 213.154.124.1 192.168.1.1
TCP: Interfaces\{7C3E0247-CFCC-4BFE-A977-7E9E323CDE25} : DHCPNameServer = 193.231.252.1 213.154.124.1 192.168.1.1
TCP: Interfaces\{7C3E0247-CFCC-4BFE-A977-7E9E323CDE25}\352585D275251353037584 : DHCPNameServer = 192.168.1.1
SSODL: WebCheck - <orphaned>
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Sorin\AppData\Roaming\Mozilla\Firefox\Profiles\tsjwg740.default\
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2015-11-8 283200]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-11-1 1148560]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-11-1 1706128]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-11-1 21833360]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-11-1 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-11-1 38032]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2015-11-1 236544]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files\BitComet\tools\BitCometService.exe -service --> C:\Program Files\BitComet\tools\BitCometService.exe -service [?]
S3 Origin Client Service;Origin Client Service;D:\2sorin\ORIGIN\OriginClientService.exe [2015-12-1 2104840]
.
=============== Created Last 30 ================
.
2015-12-18 15:13:13 -------- d-----w- C:\Users\Sorin\AppData\Roaming\AVS4YOU
2015-12-18 15:13:13 -------- d-----w- C:\ProgramData\AVS4YOU
2015-12-18 15:11:25 -------- d-----w- C:\Program Files (x86)\AVS4YOU
2015-12-18 15:10:48 24576 ----a-w- C:\Windows\SysWow64\msxml3a.dll
2015-12-18 15:10:48 1700352 ----a-w- C:\Windows\SysWow64\GdiPlus.dll
2015-12-18 15:10:48 -------- d-----w- C:\Program Files (x86)\Common Files\AVSMedia
2015-12-18 15:00:56 -------- d-----w- C:\Users\Sorin\AppData\Roaming\avidemux
2015-12-18 15:00:41 -------- d-----w- C:\Program Files\Avidemux 2.6 - 64 bits
2015-12-18 12:24:09 11140960 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-18 12:23:58 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{24DCB596-3EDF-448D-96B1-C8E5853A1EB4}\mpengine.dll
2015-12-18 11:57:29 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2015-12-18 11:57:20 99840 ----a-w- C:\Windows\System32\wudriver.dll
2015-12-18 11:57:11 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-12-18 11:57:11 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2015-12-18 11:32:04 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll
2015-12-18 11:32:04 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll
2015-12-18 11:32:04 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll
2015-12-18 11:32:04 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll
2015-12-18 11:31:15 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2015-12-18 11:31:15 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-12-18 11:31:15 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2015-12-18 11:31:15 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2015-12-18 11:31:15 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2015-12-18 11:31:14 4068864 ----a-w- C:\Windows\System32\mf.dll
2015-12-18 11:31:13 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2015-12-18 11:29:50 -------- d-----w- C:\Users\Sorin\AppData\Local\Windows Live
2015-12-18 11:22:03 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2015-12-15 19:56:47 -------- d-----w- C:\MSI
2015-12-11 15:51:15 -------- d-----w- C:\Windows\System32\appmgmt
2015-12-10 20:48:19 -------- d-----r- C:\Program Files (x86)\Skype
2015-12-08 16:53:21 -------- d-----w- C:\UsbFix
2015-12-07 13:58:40 -------- d-----w- C:\Users\Sorin\AppData\Roaming\MP3SkypeRecorder
2015-12-07 13:58:40 -------- d-----w- C:\Users\Sorin\AppData\Local\Domit_UK_LTD
2015-12-07 13:58:39 -------- d-----w- C:\ProgramData\IsolatedStorage
2015-12-05 12:30:07 -------- d-----w- C:\Users\Sorin\AppData\Roaming\OpenOffice
2015-12-05 12:29:01 -------- d-----w- C:\Program Files (x86)\OpenOffice 4
2015-12-05 10:05:55 -------- d-----w- C:\Users\Sorin\AppData\Roaming\HostProcess
2015-12-05 07:23:02 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2015-12-01 20:27:39 -------- d-----w- C:\Users\Sorin\AppData\Roaming\Origin
2015-12-01 20:27:24 -------- d-----w- C:\Users\Sorin\AppData\Local\Origin
2015-12-01 20:24:27 -------- d-----w- C:\ProgramData\Origin
2015-12-01 20:24:25 -------- d-----w- C:\ProgramData\Electronic Arts
2015-12-01 20:23:44 -------- d-----w- C:\ProgramData\Package Cache
2015-11-29 10:57:12 -------- d-----w- C:\Users\Sorin\AppData\Roaming\Foxit Scanner Images
.
==================== Find3M ====================
.
2015-12-09 14:40:14 796864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-12-09 14:40:14 142528 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-02 11:18:58 301728 ------w- C:\Windows\System32\MpSigStub.exe
2015-11-08 19:04:35 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2015-11-08 10:50:58 419840 ----a-w- C:\Windows\System32\systemcpl.dll
2015-11-08 10:50:58 14848 ----a-w- C:\Windows\System32\slwga.dll
2015-11-08 10:50:58 13824 ----a-w- C:\Windows\SysWow64\slwga.dll
2015-10-13 17:26:19 6783280 ----a-w- C:\Windows\System32\nvcpl.dll
2015-10-13 17:26:19 3522168 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-10-13 17:26:17 933168 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-10-13 17:26:17 62584 ----a-w- C:\Windows\System32\nvshext.dll
2015-10-13 17:26:17 384176 ----a-w- C:\Windows\System32\nvmctray.dll
2015-10-13 17:26:17 2557616 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-10-13 16:19:53 5972783 ----a-w- C:\Windows\System32\nvcoproc.bin
.
============= FINISH: 20:43:40.16 ===============


I don't know since when this has been happening, but lately I feel low performance on my PC. I assume that simply deleting the file might not be the real solution.

Any clue about what I should do?
 
Old 12-26-2015, 08:33 AM   #2
Registered Member
 
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64



UPDATE:
When I delete the file, it reappears after only 2-3 seconds. If I rename it, a new vbc.exe is born.
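What makes the entry above suspicious is not the file itself (vbc.exe is Microsoft's Visual Basic compiler, which is why VirusTotal reports it clean) but where it sits and how it is started: a Run value pointing into %TEMP%, a Startup-folder shortcut pointing at a .vbs in the same Temp directory, and a file that is recreated seconds after deletion. As an added example that is not part of the thread or of the DDS/FRST tools, here is a small Python triage script that parses DDS "Pseudo HJT" autorun lines and flags start-up targets living in Temp or other user-writable profile directories; the sample lines are copied from the DDS log in the first post, and the severity thresholds are this example's own assumptions.

```python
"""Triage DDS-style autorun lines for start-up targets in user-writable locations.

Added example for this thread; it is not the forum's, DDS's or FRST's own code.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input: "Pseudo HJT Report" autorun lines copied from the DDS log in the
# first post (the rundll32 line from the same log serves as a benign control).
SAMPLE_DDS = r"""
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
uRun: [HostProcess] C:\Users\Sorin\AppData\Roaming\HostProcess\OFFICE~2.EXE
uRun: [HKCU] C:\Users\Sorin\AppData\Local\Temp\vbc.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
StartupFolder: C:\Users\Sorin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\shadow.lnk - C:\Users\Sorin\AppData\Local\Temp\dxrpdiag.vbs
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
"""

# uRun / mRun / x64-Run / x64-uRun lines: "<hive>Run: [<value name>] <command>"
RUN_LINE = re.compile(r"^(?P<hive>u|m|x64-u?)Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# StartupFolder lines: "StartupFolder: <shortcut.lnk> - <target the shortcut launches>"
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<lnk>.+?\.lnk) - (?P<cmd>.*)$", re.IGNORECASE)
# First Windows path in the command that ends in an executable or script extension.
TARGET = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|com|scr|dll|vbs|vbe|js|jse|wsf|bat|cmd|ps1)\b',
                    re.IGNORECASE)
SCRIPT_EXTS = (".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1")


@dataclass
class Finding:
    source: str    # "uRun", "mRun", "x64-Run" or "StartupFolder"
    name: str      # Run value name, or the .lnk path for Startup-folder entries
    target: str    # the executable/script the entry actually launches
    severity: str  # "high" or "medium"
    reason: str


def classify(target: str) -> Optional[Tuple[str, str]]:
    """Return (severity, reason) for a suspicious autostart target, else None.

    Thresholds are this example's own assumptions: anything autostarting from a
    Temp directory or a script file is rated high, anything else under a
    user-writable profile directory is rated medium.
    """
    low = target.lower()
    if "\\temp\\" in low:
        return "high", "autostart target lives in a Temp directory"
    if low.endswith(SCRIPT_EXTS):
        return "high", "autostart target is a script file"
    if "\\appdata\\" in low or "\\programdata\\" in low:
        return "medium", "autostart target lives in a user-writable profile directory"
    return None


def parse_entry(line: str) -> Optional[Tuple[str, str, str]]:
    """Split one DDS autorun line into (source, name, command), or None if not one."""
    m = RUN_LINE.match(line)
    if m:
        return m.group("hive") + "Run", m.group("name"), m.group("cmd")
    m = STARTUP_LINE.match(line)
    if m:
        return "StartupFolder", m.group("lnk"), m.group("cmd")
    return None


def triage(report: str) -> List[Finding]:
    """Parse every autorun line in a DDS report and return the suspicious ones."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        entry = parse_entry(raw.strip())
        if entry is None:
            continue
        source, name, cmd = entry
        hit = TARGET.search(cmd)
        if hit is None:
            continue  # no recognisable launch target on this line
        verdict = classify(hit.group(0))
        if verdict is not None:
            findings.append(Finding(source, name, hit.group(0), *verdict))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity.upper():6}] {f.source}: [{f.name}] -> {f.target}  ({f.reason})")
```

On the thread's own lines the script reports the Temp-resident vbc.exe and the shadow.lnk -> dxrpdiag.vbs pair as high and the Roaming\HostProcess entry as medium, while the Program Files and rundll32 entries pass; a respawning file plus a script launched at logon is the pattern to investigate, not the hash of vbc.exe.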
Old 12-29-2015, 12:30 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please explain why this computer has no antivirus program installed and running. This is an open invitation for infection.

It can take as little as eight seconds to infect an unprotected computer.

Please keep this computer offline except when downloading tools and posting in the forum until we get one installed.

Let me know your intentions for an antivirus program, and/or if you need a suggestion.

------------------------------------------------------

**Note - Please do NOT upgrade your OS to Windows 10 until your machine is clean, and we have uninstalled all our removal tools. Thanks.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
-------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
 
Old 12-30-2015, 12:14 AM   #4
Registered Member
 
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64



Explaining the lack of antivirus. Well, to be honest, in the last year I preferred to just reinstall my Windows when there were problems. Not being too much into tech, I never knew which antivirus is to be trusted or which suits my PC best. Whenever I had some IT-guy friend over, each of them installed a different antivirus for me, claiming "this one is the best". I never kept them too long; I felt they were slowing down my PC, and I also don't like to have cracked software (every antivirus I had was cracked in some way), unless I really need it at the moment.
Yes, I'm very open to suggestions. Just like everyone else maybe, I want a trustworthy free antivirus, and eventually to be able to use it for weekly scans, without it needing to be active non-stop.

Here are the logs:
ADW

# AdwCleaner v5.026 - Logfile created 30/12/2015 at 09:53:24
# Updated 21/12/2015 by Xplode
# Database : 2015-12-29.1 [Server]
# Operating system : Windows 7 Ultimate (x64)
# Username : Sorin - SORIN-PC
# Running from : C:\Users\Sorin\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : YahooAUService

***** [ Folders ] *****

[#] Folder Deleted : C:\Users\Sorin\AppData\Local\visi_coupon

***** [ Files ] *****

[-] File Deleted : C:\Users\Sorin\AppData\Roaming\Mozilla\Firefox\Profiles\tsjwg740.default\user.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[-] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
[-] Key Deleted : HKCU\Software\Yahoo\Companion
[-] Key Deleted : HKCU\Software\Yahoo\YFriendsBar
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Key Deleted : HKLM\SOFTWARE\Yahoo\Companion

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2475 bytes] ##########

FRST

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by Sorin (administrator) on SORIN-PC (30-12-2015 09:57:40)
Running from C:\Users\Sorin\Desktop
Loaded Profiles: Sorin (Available Profiles: Sorin)
Platform: Windows 7 Ultimate (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2585744 2015-10-13] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8114720 2009-09-15] (Realtek Semiconductor)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS)
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\Run: [HostProcess] => C:\Users\Sorin\AppData\Roaming\HostProcess\OFFICE~2.EXE [525652 2012-04-10] (Microsoft)
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\Run: [HKCU] => C:\Users\Sorin\AppData\Local\Temp\vbc.exe [1169224 2009-06-10] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\MountPoints2: {14175142-8238-11e5-929e-90e6ba9da817} - H:\autorun.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 193.231.252.1 213.154.124.1 192.168.1.1
Tcpip\..\Interfaces\{7C3E0247-CFCC-4BFE-A977-7E9E323CDE25}: [DhcpNameServer] 193.231.252.1 213.154.124.1 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
SearchScopes: HKU\S-1-5-21-1447509174-3196938644-3819331294-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2009-07-14] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2009-07-14] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Sorin\AppData\Roaming\Mozilla\Firefox\Profiles\tsjwg740.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2015-12-29] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2015-12-29] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2015-02-11] (Foxit Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BITCOMET_HELPER_SERVICE; C:\Program Files\BitComet\tools\BitCometService.exe [1296728 2013-11-29] ( BitComet - A free C++ BitTorrent/HTTP/FTP Download Client)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2015-10-13] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1706128 2015-10-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21833360 2015-10-13] (NVIDIA Corporation)
S3 Origin Client Service; D:\2sorin\ORIGIN\OriginClientService.exe [2104840 2015-12-02] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2015-11-08] (DT Soft Ltd)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-10-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-08-18] (NVIDIA Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 09:57 - 2015-12-30 09:58 - 00008166 _____ C:\Users\Sorin\Desktop\FRST.txt
2015-12-30 09:57 - 2015-12-30 09:57 - 00000000 ____D C:\FRST
2015-12-30 09:55 - 2015-12-30 09:55 - 00002562 _____ C:\Users\Sorin\Desktop\adw.txt
2015-12-30 00:44 - 2015-12-30 09:53 - 00000000 ____D C:\AdwCleaner
2015-12-30 00:43 - 2015-12-30 00:42 - 02370560 _____ (Farbar) C:\Users\Sorin\Desktop\FRST64.exe
2015-12-30 00:42 - 2015-12-30 00:42 - 02370560 _____ (Farbar) C:\Users\Sorin\Downloads\FRST64.exe
2015-12-30 00:41 - 2015-12-30 00:41 - 01743360 _____ C:\Users\Sorin\Desktop\AdwCleaner.exe
2015-12-29 16:18 - 2015-12-29 16:18 - 01500013 _____ C:\Users\Sorin\Desktop\corint 2.pdf
2015-12-29 16:18 - 2015-12-29 16:18 - 01031082 _____ C:\Users\Sorin\Desktop\aviz corint 1.pdf
2015-12-28 21:28 - 2015-12-29 16:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-28 15:04 - 2015-12-28 15:04 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-12-28 15:04 - 2015-12-28 15:04 - 00000000 ____D C:\Users\Sorin\AppData\Local\Apps\2.0
2015-12-28 15:03 - 2015-12-28 15:03 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\IrfanView
2015-12-28 15:03 - 2015-12-28 15:03 - 00000000 ____D C:\Program Files\IrfanView
2015-12-26 23:40 - 2015-12-28 15:11 - 00000127 _____ C:\Users\Sorin\Desktop\yt.txt
2015-12-26 22:07 - 2015-12-26 22:07 - 00000000 ____D C:\Users\Sorin\Documents\naild
2015-12-26 22:05 - 2015-12-29 13:05 - 00000064 _____ C:\Users\Sorin\Desktop\nukref63.txt
2015-12-26 16:04 - 2015-12-26 16:04 - 00000000 ____D C:\Users\Sorin\Documents\WB Games
2015-12-26 14:06 - 2015-12-29 19:50 - 00000000 ____D C:\Users\Sorin\Desktop\marvel6d
2015-12-25 21:56 - 2015-12-25 21:56 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\Yahoo!
2015-12-25 21:09 - 2015-12-25 21:55 - 00000000 ____D C:\Windows\pss
2015-12-25 21:05 - 2015-12-25 21:05 - 00087198 _____ C:\Users\Sorin\Documents\cc_20151225_210514.reg
2015-12-24 20:38 - 2015-12-24 20:38 - 00688992 ____R (Swearware) C:\Users\Sorin\Downloads\dds.com
2015-12-22 21:47 - 2015-12-22 21:47 - 01125181 _____ C:\Users\Sorin\Downloads\fnaf__the_silver_eyes_pdf_download_by_c4dguy995-d9kj15t.pdf
2015-12-22 19:02 - 2015-12-22 19:03 - 00491090 _____ C:\Users\Sorin\Downloads\nemira 1.pdf
2015-12-18 17:13 - 2015-12-18 17:13 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\AVS4YOU
2015-12-18 17:13 - 2015-12-18 17:13 - 00000000 ____D C:\ProgramData\AVS4YOU
2015-12-18 17:11 - 2015-12-18 22:02 - 00000000 ____D C:\Program Files (x86)\AVS4YOU
2015-12-18 17:10 - 2010-05-11 13:17 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-18 17:10 - 2010-05-11 13:17 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3a.dll
2015-12-18 17:00 - 2015-12-18 22:02 - 00000000 ____D C:\Program Files\Avidemux 2.6 - 64 bits
2015-12-18 17:00 - 2015-12-18 17:10 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\avidemux
2015-12-18 13:57 - 2012-06-03 00:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-18 13:57 - 2012-06-03 00:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-12-18 13:57 - 2012-06-03 00:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-12-18 13:57 - 2012-06-03 00:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-12-18 13:57 - 2012-06-03 00:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-12-18 13:57 - 2012-06-03 00:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-12-18 13:57 - 2012-06-03 00:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-12-18 13:57 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-12-18 13:57 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-12-18 13:35 - 2015-12-18 13:35 - 00000020 _____ C:\Windows\üø’
2015-12-18 13:32 - 2010-08-11 07:19 - 03860992 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbon.dll
2015-12-18 13:32 - 2010-08-11 07:13 - 01164800 _____ (Microsoft Corporation) C:\Windows\system32\UIRibbonRes.dll
2015-12-18 13:32 - 2010-08-11 06:44 - 02983424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbon.dll
2015-12-18 13:32 - 2010-08-11 06:35 - 01164800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIRibbonRes.dll
2015-12-18 13:31 - 2010-05-23 12:15 - 01619456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-12-18 13:31 - 2010-05-23 12:11 - 03181568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-12-18 13:31 - 2010-05-23 12:11 - 00196608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-12-18 13:31 - 2010-05-23 10:37 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-12-18 13:31 - 2010-05-23 10:35 - 04068864 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-12-18 13:31 - 2010-05-23 10:35 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-12-18 13:31 - 2010-05-23 10:35 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-12-18 13:29 - 2015-12-18 15:40 - 00000000 ____D C:\Users\Sorin\AppData\Local\Windows Live
2015-12-15 21:56 - 2015-12-15 21:56 - 00000000 ____D C:\MSI
2015-12-11 17:51 - 2015-12-11 17:51 - 00000000 ____D C:\Windows\system32\appmgmt
2015-12-10 22:48 - 2015-12-10 22:48 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-10 22:48 - 2015-12-10 22:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-10 19:14 - 2015-12-10 19:14 - 00130699 _____ C:\Users\Sorin\Documents\Untitled3.wma
2015-12-08 18:53 - 2015-12-16 00:03 - 00000000 ____D C:\UsbFix
2015-12-07 15:58 - 2015-12-07 17:48 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\MP3SkypeRecorder
2015-12-07 15:58 - 2015-12-07 15:58 - 00000000 ____D C:\Users\Sorin\AppData\Local\Domit_UK_LTD
2015-12-07 15:58 - 2015-12-07 15:58 - 00000000 ____D C:\ProgramData\IsolatedStorage
2015-12-05 14:30 - 2015-12-05 14:30 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\OpenOffice
2015-12-05 14:29 - 2015-12-05 14:29 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.2
2015-12-05 14:29 - 2015-12-05 14:29 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
2015-12-05 12:05 - 2015-12-05 12:05 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\HostProcess
2015-12-01 22:27 - 2015-12-02 22:40 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\Origin
2015-12-01 22:27 - 2015-12-01 22:28 - 00000000 ____D C:\Users\Sorin\AppData\Local\Origin
2015-12-01 22:24 - 2015-12-05 09:01 - 00000000 ____D C:\ProgramData\Origin
2015-12-01 22:24 - 2015-12-01 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-12-01 22:24 - 2015-12-01 22:24 - 00000000 ____D C:\ProgramData\Electronic Arts
2015-12-01 22:23 - 2015-12-01 22:24 - 00000000 ____D C:\ProgramData\Package Cache

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-30 09:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows
2015-12-30 09:55 - 2005-04-08 04:16 - 01312905 ____H C:\Users\Sorin\AppData\Roaming\Sorinlog.dat
2015-12-30 09:54 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-12-30 09:52 - 2009-07-14 07:13 - 00778278 _____ C:\Windows\system32\PerfStringBackup.INI
2015-12-30 09:52 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2015-12-30 09:50 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-12-30 09:50 - 2009-07-14 06:45 - 00014016 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-12-30 00:40 - 2015-11-01 16:59 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-12-29 22:22 - 2015-11-01 19:49 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\BitComet
2015-12-29 20:23 - 2015-11-01 19:53 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\CDisplayEx
2015-12-29 17:42 - 2015-11-01 22:26 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\vlc
2015-12-29 16:10 - 2015-11-01 16:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-29 11:40 - 2015-11-01 16:59 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-29 11:40 - 2015-11-01 16:59 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 11:40 - 2015-11-01 16:59 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-12-28 20:20 - 2015-11-28 17:52 - 00000000 ____D C:\Users\Sorin\Desktop\New folder
2015-12-28 15:00 - 2009-07-14 09:45 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-12-27 21:57 - 2015-11-01 19:34 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-12-26 16:04 - 2015-11-01 18:53 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\NVIDIA
2015-12-25 21:52 - 2015-11-02 02:20 - 00000000 ____D C:\Windows\Panther
2015-12-25 21:52 - 2015-11-01 16:58 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2015-12-25 21:51 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-12-21 21:20 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-12-21 04:41 - 2009-07-14 06:45 - 00430328 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-20 22:13 - 2015-11-01 16:49 - 00112816 _____ C:\Users\Sorin\AppData\Local\GDIPFONTCACHEV1.DAT
2015-12-20 22:12 - 2015-11-02 15:55 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-12-20 22:10 - 2009-07-14 09:46 - 00000000 ____D C:\Windows\ShellNew
2015-12-20 22:10 - 2009-07-14 07:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-20 22:09 - 2009-07-14 04:34 - 00000387 _____ C:\Windows\win.ini
2015-12-20 22:08 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-12-18 23:30 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\oobe
2015-12-15 23:41 - 2015-11-21 19:52 - 00000000 ____D C:\Users\Sorin\AppData\Roaming\Skype
2015-12-13 05:15 - 2009-07-14 07:08 - 00032574 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-12-10 22:48 - 2015-11-21 19:52 - 00000000 ____D C:\Users\Sorin\AppData\Local\Skype
2015-12-10 22:48 - 2015-11-21 19:51 - 00000000 ____D C:\ProgramData\Skype
2015-12-06 20:51 - 2015-11-01 18:53 - 00000000 ____D C:\Users\Sorin\AppData\Local\Battle.net
2015-12-06 13:57 - 2015-11-02 15:55 - 00000000 ____D C:\Users\Sorin\AppData\Local\Microsoft Help
2015-12-02 13:18 - 2015-11-01 17:08 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2005-04-08 04:16 - 2015-12-30 09:55 - 1312905 ____H () C:\Users\Sorin\AppData\Roaming\Sorinlog.dat

Files to move or delete:
====================
C:\Users\Sorin\AppData\Local\Temp\vbc.exe


Some files in TEMP:
====================
C:\Users\Sorin\AppData\Local\Temp\sqlite3.dll
C:\Users\Sorin\AppData\Local\Temp\vbc.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 14:56

==================== End of FRST.txt ============================

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Sorin (2015-12-30 09:58:35)
Running from C:\Users\Sorin\Desktop
Windows 7 Ultimate (X64) (2015-11-02 00:24:51)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1447509174-3196938644-3819331294-500 - Administrator - Disabled)
Guest (S-1-5-21-1447509174-3196938644-3819331294-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1447509174-3196938644-3819331294-1002 - Limited - Enabled)
Sorin (S-1-5-21-1447509174-3196938644-3819331294-1001 - Administrator - Enabled) => C:\Users\Sorin

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.10 beta (x64) (HKLM\...\7-Zip) (Version: 15.10 - Igor Pavlov)
Adobe Flash Player 20 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
ATK Media (HKLM-x32\...\{D1E5870E-E3E5-4475-98A6-ADD614524ADF}) (Version: 2.0.0006 - ASUS)
Batman™: Arkham Origins (HKLM-x32\...\Steam App 209000) (Version: - WB Games Montreal)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BitComet 1.40 64-bit (HKLM-x32\...\BitComet_x64) (Version: 1.40 - CometNetwork)
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
CDisplayEx 1.10.29 (HKLM\...\CDisplayEx_is1) (Version: - Progdigy Software S.A.R.L.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.1.0.0333 - DT Soft Ltd)
Emily is Away (HKLM-x32\...\Steam App 417860) (Version: - Kyle Seeley)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.2.2.929 - Foxit Software Inc.)
Heroes of the Storm (HKLM-x32\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Jade Empire (HKLM-x32\...\{EEAA7AC3-F651-4842-86E0-4C755181388B}) (Version: 1.0.1.1 - Electronic Arts)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
Nail'd (HKLM-x32\...\Steam App 40380) (Version: - Techland)
NVIDIA GeForce Experience 2.2.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.2.2 - NVIDIA Corporation)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice 4.1.2 (HKLM-x32\...\{E6AD67BB-1C33-4AB3-A387-E0D48137AB70}) (Version: 4.12.9782 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.10.2.4863 - Electronic Arts, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0008 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5938 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.0.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 17.12.8 - NVIDIA Corporation) Hidden
Skype™ 7.16 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.16.102 - Skype Technologies S.A.)
SRS Premium Sound Control Panel (HKLM\...\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}) (Version: 1.8.1200 - SRS Labs, Inc.)
Star Wars Jedi Knight: Dark Forces II (HKLM-x32\...\Steam App 32380) (Version: - LucasArts)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: - Blizzard Entertainment)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
UsbFix (HKLM-x32\...\Usbfix) (Version: 8.163 - El Desaparecido - UsbFix - USB Anti-Malware - Assistance et désinfection informatique - SosVirus)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {1E4AD7F5-C774-495D-8D7D-8826707369E6} - System32\Tasks\{2EE6257A-5E50-455B-829C-84F9CE53CAD3} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.15.0.102&LastError=12002
Task: {5A40E926-9E86-4B89-9CFD-B12311724371} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {70ECF088-7016-40F7-B6CD-1AB15933B3AD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {725A68E4-CAA7-4F26-AE44-A1D576A2A5BF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-12-29] (Adobe Systems Incorporated)
Task: {DD22DD3E-1E02-4FB9-9D50-FDB2C1CC37ED} - System32\Tasks\{2F9B27DB-34D4-4E39-B11E-A263D18F8CDD} => Firefox.exe hxxp://www.skype.com/go/downloading?source=lightinstaller&ver=7.15.0.102&LastError=12002
Task: {DD9F510C-95F4-499A-90C8-BAC5BC372FF4} - System32\Tasks\Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask => start sppsvc

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-01 16:42 - 2015-10-13 19:26 - 00125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Sorin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 193.231.252.1 - 213.154.124.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS Premium Sound.lnk => C:\Windows\pss\SRS Premium Sound.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sorin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^shadow.lnk => C:\Windows\pss\shadow.lnk.Startup
MSCONFIG\startupreg: DAEMON Tools Pro Agent => "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
MSCONFIG\startupreg: Messenger (Yahoo!) => "C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{8668F955-4FA5-4260-98C4-D8506F599F2F}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{323712D7-FFA4-44A6-8C92-C5D98629266D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5A45736D-E697-4FAB-B6EF-71CD73E00C25}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{BA7C975F-F854-4B07-A075-2BA80A1902AB}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{7D3EF707-A67D-4E77-8503-9A0F743D0009}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{E84895E9-18B1-4463-B623-6552E7E90BAF}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{2B3FA1E7-F2AF-47AF-9A9B-2D5D3BE37F2D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4609C079-79F3-4B61-A2C4-9103FF84CA2F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4AFD5AE8-3074-4C71-833A-DC4347B3D6F9}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{C91398D7-1C2D-4C81-9A0B-EFC5A612A29B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{24FE85BA-1459-400B-88C5-EA7E75285EF1}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{8C158648-506F-4BB5-8D37-223E6B249461}] => (Allow) C:\Program Files\BitComet\BitComet.exe
FirewallRules: [{CE0EF7E7-8EA1-47EE-9E9F-6CBF4AC83A9A}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{5675EB32-A3A8-41A3-BC79-102F5A09E2FA}] => (Allow) E:\steam\Steam.exe
FirewallRules: [{4CE1B036-9CFA-4CDC-8914-E95440C47C5F}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [{38B993C0-E6EF-4013-8850-D049E518B057}] => (Allow) E:\steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{26DB3D27-7A24-4E43-8980-DEBDD6CA6D2E}E:\01sorin\aoe ii\empires2.exe] => (Allow) E:\01sorin\aoe ii\empires2.exe
FirewallRules: [UDP Query User{CB762C9C-B6C0-4C25-AC2D-EFEC8D4A5665}E:\01sorin\aoe ii\empires2.exe] => (Allow) E:\01sorin\aoe ii\empires2.exe
FirewallRules: [{251339E2-BEF4-4327-B369-9B4565CE77CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{914925DF-29AD-4091-A7B8-AA17954C5261}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D9B599E3-B267-46AB-A045-3C948149FAE3}] => (Allow) LPort=17526
FirewallRules: [{DECE56E1-1A1E-4871-BED8-664934AE622E}] => (Allow) LPort=17526
FirewallRules: [TCP Query User{AE8F2C09-E99B-4FB5-B557-B6E6B7846EDC}E:\01sorin\battle.net\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) E:\01sorin\battle.net\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [UDP Query User{5C445742-D0D6-454B-910F-9DE686CAF3DC}E:\01sorin\battle.net\starcraft ii\versions\base38996\sc2_x64.exe] => (Allow) E:\01sorin\battle.net\starcraft ii\versions\base38996\sc2_x64.exe
FirewallRules: [{05B043D5-04C5-4182-9ABB-B6BB6F6935AD}] => (Allow) E:\steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [{7F2DFEA1-C4B7-4F2E-B0DD-221369841814}] => (Allow) E:\steam\SteamApps\common\Emily is Away\emily is away.exe
FirewallRules: [{E6A9BF6C-016E-4CA0-8180-3DC0E28DF97D}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{03898C01-5D15-4E59-93DC-49715FF157EE}E:\01sorin\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\01sorin\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [UDP Query User{10D13833-5E24-44C7-BDA5-4B5B0C52C78B}E:\01sorin\murdered - soul suspect\binaries\win64\murdered.exe] => (Allow) E:\01sorin\murdered - soul suspect\binaries\win64\murdered.exe
FirewallRules: [{F60B3D93-6494-47CB-97B9-6745EE315C13}] => (Allow) E:\steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{46BD0378-FDBE-46A5-B7CA-2B4675E477F7}] => (Allow) E:\steam\SteamApps\common\Torchlight II\ModLauncher.exe
FirewallRules: [{54A537CF-0F25-4F52-9252-831500F4EB23}] => (Allow) E:\steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{B63328BC-ED49-4DF6-BA78-4235BCF144EA}] => (Allow) E:\steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{B3951B80-DCE3-44C2-895C-C0439D0C6EB2}] => (Allow) E:\steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{8941B443-1A36-403A-8853-0B6B591F18A0}] => (Allow) E:\steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{E649774E-437F-4888-A4F6-3E9B5CD14FAF}] => (Allow) E:\steam\SteamApps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{2C3CCABF-37BE-451C-89AA-21BCB4558327}] => (Allow) E:\steam\SteamApps\common\Star Wars Jedi Knight\JK.EXE
FirewallRules: [{C74C39CE-E6C2-4491-98E9-3520BE25A515}] => (Allow) E:\steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{FEFD0736-33EC-4E09-9DB2-935C58D95FE8}] => (Allow) E:\steam\SteamApps\common\Batman Arkham Origins\SinglePlayer\Binaries\Win32\BatmanOrigins.exe
FirewallRules: [{7E9B8098-4BAA-4012-8539-B5612E5C24B0}] => (Allow) E:\steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{C002528E-F14A-4CC9-A9E2-FE6C8C40F335}] => (Allow) E:\steam\SteamApps\common\Batman Arkham Origins\Online\Binaries\Win32\BatmanOriginsOnline.exe
FirewallRules: [{5E4D3783-8F84-4E79-8B0C-59D4A9A816DE}] => (Allow) E:\steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{2CE05FBF-A6DA-44C5-BFF8-E6571678F50B}] => (Allow) E:\steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{3E110780-9B4E-4FF2-B1CE-90D44A8FB401}] => (Allow) E:\steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{60EEB914-98CC-4ED8-9A1D-84221A4A276B}] => (Allow) E:\steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{FD1D038B-6EEC-4BAB-9F86-BA49EC687957}] => (Allow) E:\steam\SteamApps\common\Nail'd\Naild_x86.exe
FirewallRules: [{A3238132-4846-4D09-B21D-C69B5E35D891}] => (Allow) E:\steam\SteamApps\common\Nail'd\Naild_x86.exe

==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Coprocessor
Description: Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2015 10:49:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: BatmanOrigins.exe, version: 1.0.0.0, time stamp: 0x53597942
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x227d93c0
Faulting process id: 0x1b38
Faulting application start time: 0xBatmanOrigins.exe0
Faulting application path: BatmanOrigins.exe1
Faulting module path: BatmanOrigins.exe2
Report Id: BatmanOrigins.exe3

Error: (12/28/2015 06:40:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/28/2015 06:40:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/28/2015 06:40:17 PM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (12/26/2015 10:08:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Naild_x86.exe, version: 1.0.0.0, time stamp: 0x4cd2c0fd
Faulting module name: nvd3dum.dll, version: 9.18.13.4192, time stamp: 0x561d22a4
Exception code: 0xc0000005
Fault offset: 0x006a87f0
Faulting process id: 0x1224
Faulting application start time: 0xNaild_x86.exe0
Faulting application path: Naild_x86.exe1
Faulting module path: Naild_x86.exe2
Report Id: Naild_x86.exe3

Error: (12/26/2015 02:34:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mspaint.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca29
Faulting module name: mspaint.exe, version: 6.1.7600.16385, time stamp: 0x4a5bca29
Exception code: 0xc0000005
Fault offset: 0x000000000003d792
Faulting process id: 0xdbc
Faulting application start time: 0xmspaint.exe0
Faulting application path: mspaint.exe1
Faulting module path: mspaint.exe2
Report Id: mspaint.exe3

Error: (12/26/2015 11:34:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]

Error: (12/26/2015 11:34:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]

Error: (12/26/2015 11:34:41 AM) (Source: NvStreamSvc) (EventID: 2001) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]

Error: (12/25/2015 09:53:39 PM) (Source: Windows Search Service) (EventID: 1019) (User: )
Description: Windows Search Service failed to process the list of included and excluded locations with the error <30, 0x80040d07, "iehistory://{S-1-5-21-1447509174-3196938644-3819331294-1001}/">.


System errors:
=============
Error: (12/30/2015 09:53:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (12/30/2015 09:53:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/30/2015 09:53:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Streamer Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA GeForce Experience Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (12/30/2015 09:53:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The NVIDIA Display Driver Service service terminated unexpectedly. It has done this 1 time(s).

Error: (12/29/2015 03:14:33 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.


==================== Memory info ===========================

Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz
Percentage of memory in use: 44%
Total physical RAM: 3071.27 MB
Available physical RAM: 1694.24 MB
Total Virtual: 6140.69 MB
Available Virtual: 4705.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:29.66 GB) (Free:9.29 GB) NTFS
Drive d: () (Fixed) (Total:105.47 GB) (Free:31.49 GB) NTFS
Drive e: (The Stuff) (Fixed) (Total:97.66 GB) (Free:14.14 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 19E319E3)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=105.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


Thank you for your time.
Old 12-30-2015, 08:10 PM   #5
chemist
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
Microsoft Most Valuable Professional

Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, BredToMaim. You're very welcome. Did you manually disable System Restore on your machine?

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

Download and install MS Security Essentials, a good, free antivirus that won't slow down your machine.

Download Microsoft Security Essentials from Official Microsoft Download Center

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

I see you have P2P software (BitComet) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

A reference for the risk of these programs is here and here

I would strongly recommend that you uninstall it. You can do so via Control Panel >> Programs and Features.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\Run: [HKCU] => C:\Users\Sorin\AppData\Local\Temp\vbc.exe [1169224 2009-06-10] (Microsoft Corporation) <===== ATTENTION
    HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\MountPoints2: {14175142-8238-11e5-929e-90e6ba9da817} - H:\autorun.exe
    SearchScopes: HKU\S-1-5-21-1447509174-3196938644-3819331294-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 12-31-2015, 12:42 PM   #6
BredToMaim
Registered Member
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64

This is the fixlog:

Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by Sorin (2015-12-31 22:29:42) Run:1
Running from C:\Users\Sorin\Desktop
Loaded Profiles: Sorin (Available Profiles: Sorin)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\Run: [HKCU] => C:\Users\Sorin\AppData\Local\Temp\vbc.exe [1169224 2009-06-10] (Microsoft Corporation) <===== ATTENTION
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\...\MountPoints2: {14175142-8238-11e5-929e-90e6ba9da817} - H:\autorun.exe
SearchScopes: HKU\S-1-5-21-1447509174-3196938644-3819331294-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
EmptyTemp:
end
*****************

Restore point was successfully created.
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKCU => value removed successfully
"HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{14175142-8238-11e5-929e-90e6ba9da817}" => key removed successfully
HKCR\CLSID\{14175142-8238-11e5-929e-90e6ba9da817} => key not found.
HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
EmptyTemp: => 656.7 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 22:30:33 ====

I don't remember using System Restore in any way on this machine, though I might be wrong. I know I tried to fix something on an older PC in the last 2 weeks, and found a solution on the net that was about using the Restore. I can't remember what; that machine is full of problems (I might open a thread for it after this one is done).

Currently downloading & installing MS Security Essentials.

I'll start changing passwords tomorrow. So far, I did not identify any alarming changes on my accounts, though now that I know what might happen, I'll hurry up if I can, especially with the ones I used my credit card with.
Before that: should I assume I shouldn't make the changes from another PC in the house if it's connected to the same Wi-Fi as the infected machine?
Old 12-31-2015, 06:41 PM   #7
chemist

Hello BredToMaim. Is the command prompt on startup gone now?

You should be OK to change your password on another machine on the same connection.

------------------------------------------------------

We need to check the status of your system restore...

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the Internet Services option remains checked.
  • Check all the other boxes.
  • Click Scan.
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log in your next reply.
-----------------------------------------------------
Old 01-01-2016, 02:34 AM   #8
BredToMaim

I managed to change some important passwords from a different computer which is connected to a different router. I'll see today about my bank account.

No, the command prompt isn't completely gone...
I noticed, from the beginning, that the command prompt appeared, closed, then opened again for an even shorter fraction of a second. I thought it was the same. Now, only the shorter command action appears, about 5 seconds after startup. It may be different from vbc.exe, but I literally can't catch it. It took me a few restarts to be sure of what I see. If I blink, I don't notice the command prompt.


FSS:

Farbar Service Scanner Version: 10-06-2014
Ran by Sorin (administrator) on 01-01-2016 at 12:28:20
Running from "C:\Users\Sorin\Desktop"
Microsoft Windows 7 Ultimate (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
Old 01-01-2016, 03:25 AM   #9
BredToMaim

UPDATE/EDIT:

It is the same vbc.exe. Also, sometimes it's twice, sometimes it's once. I managed to capture some screenshots by recording the startup with my phone camera a few times and taking screenshots of the frames. I couldn't find a video editor that can pause at milliseconds yet. I also changed the wallpaper in order to see the box better.

Maybe reading some of the lines can help you understand the virus better:

Startup 1, two commands:
first: [screenshot]
second: [screenshot]

Startup 2, one command: [screenshot]
Old 01-01-2016, 02:28 PM   #10
chemist

Hello again, BredToMaim. Very weird.

Have you checked to see if System Restore is on, and/or if you can create a system restore point?

Press the Windows "logo" key and "R" key then copy/paste the following into the Run box and click OK:

rstrui.exe

See if you have any system restore point(s). If not...
  • Press the Windows "logo" key and "R" key then copy/paste control sysdm.cpl,,4 into the Run box and click OK.
  • Select your C:\ drive then go Configure and check 'Restore system settings and previous versions of files'.
  • Click Apply > OK > OK.
Do you have a system restore point now?

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    vbc.*
    
    :reg
    "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS" /s
    "HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run" /s
    
    :regfind
    vbc.exe
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
Old 01-02-2016, 12:44 AM   #11
BredToMaim

I have a system restore point, but it's from yesterday, so it wouldn't help me much: "Critical Update".
Even if I do what you said, there is still this fresh restore point.


SystemLook Log:


SystemLook 30.07.11 by jpshortstuff
Log created at 10:38 on 02/01/2016 by Sorin
Administrator - Elevation successful

========== filefind ==========

Searching for "vbc.*"
C:\Users\Sorin\AppData\Local\Temp\vbc.exe --a---- 1169224 bytes [20:30 31/12/2015] [21:23 10/06/2009] AEEC0405A1C587562275AB20CC6E3521
C:\Users\Sorin\Desktop\New folder\vbc.jpg --a---- 848171 bytes [07:26 24/12/2015] [07:26 24/12/2015] CFE98A070692470DEA5DC0348D8F7CEB
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe --a---- 1169224 bytes [20:46 13/07/2009] [21:23 10/06/2009] AEEC0405A1C587562275AB20CC6E3521
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe.config --a---- 221 bytes [02:36 14/07/2009] [21:23 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.rsp --a---- 1070 bytes [02:36 14/07/2009] [21:23 10/06/2009] 9EFAD3F3C6ABA20203210B428BDAE7B9
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe --a---- 1717560 bytes [21:10 13/07/2009] [21:14 10/06/2009] 5773AA7CF95EE7A3F2FB673C74C70E07
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.exe.config --a---- 221 bytes [21:10 13/07/2009] [21:14 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\Microsoft.NET\Framework\v3.5\vbc.rsp --a---- 1489 bytes [21:10 13/07/2009] [21:14 10/06/2009] A162FB4CC0A4354BB04A8B6DD4E2AD0B
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe --a---- 2199880 bytes [11:16 18/03/2010] [11:16 18/03/2010] 4281D0B796ABBE8D65A4BF7C7795C66B
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe.config --a---- 182 bytes [04:33 18/03/2010] [04:33 18/03/2010] C002006CED9DE9EDDDD0FBC440A33623
C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.rsp --a---- 1467 bytes [23:38 17/03/2010] [23:38 17/03/2010] 2F7F2432CC38563B16A3BB7ACA8F7863
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe --a---- 1800504 bytes [20:37 13/07/2009] [20:40 10/06/2009] 69C37A99418378E50BB0979761E2C074
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe.config --a---- 221 bytes [02:36 14/07/2009] [20:40 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.rsp --a---- 1070 bytes [02:36 14/07/2009] [20:40 10/06/2009] 9EFAD3F3C6ABA20203210B428BDAE7B9
C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe --a---- 2359624 bytes [20:54 13/07/2009] [20:31 10/06/2009] B4A448EB9C0DD7CC60F013B2416B94E0
C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.exe.config --a---- 221 bytes [20:54 13/07/2009] [20:31 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\Microsoft.NET\Framework64\v3.5\vbc.rsp --a---- 1489 bytes [20:54 13/07/2009] [20:31 10/06/2009] A162FB4CC0A4354BB04A8B6DD4E2AD0B
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe --a---- 3170632 bytes [12:27 18/03/2010] [12:27 18/03/2010] C67D6E954C4B2A11D2FFA496CF44E7E4
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe.config --a---- 182 bytes [04:33 18/03/2010] [04:33 18/03/2010] C002006CED9DE9EDDDD0FBC440A33623
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.rsp --a---- 1467 bytes [23:38 17/03/2010] [23:38 17/03/2010] 2F7F2432CC38563B16A3BB7ACA8F7863
C:\Windows\Prefetch\VBC.EXE-BBCA0A57.pf --a---- 17808 bytes [07:53 30/12/2015] [20:29 31/12/2015] BC6BEEF754770A7BDA851BACBF4C1390
C:\Windows\winsxs\amd64_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.1.7600.16385_none_bf56b841b792d154\vbc.exe.config --a---- 221 bytes [20:37 13/07/2009] [20:40 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_ccc927794e11345f\vbc.exe --a---- 1800504 bytes [20:37 13/07/2009] [20:40 10/06/2009] 69C37A99418378E50BB0979761E2C074
C:\Windows\winsxs\amd64_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_ccc927794e11345f\vbc.rsp --a---- 1070 bytes [20:37 13/07/2009] [20:40 10/06/2009] 9EFAD3F3C6ABA20203210B428BDAE7B9
C:\Windows\winsxs\amd64_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_64f9016fb645370e\vbc.exe.config --a---- 221 bytes [20:54 13/07/2009] [20:31 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\winsxs\amd64_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7600.16385_none_f1f7463e0911af0f\vbc.exe --a---- 2359624 bytes [20:54 13/07/2009] [20:31 10/06/2009] B4A448EB9C0DD7CC60F013B2416B94E0
C:\Windows\winsxs\amd64_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7600.16385_none_f1f7463e0911af0f\vbc.rsp --a---- 1489 bytes [20:54 13/07/2009] [20:31 10/06/2009] A162FB4CC0A4354BB04A8B6DD4E2AD0B
C:\Windows\winsxs\x86_netfx-vbc_exe_config_b03f5f7f11d50a3a_6.1.7600.16385_none_0703ef18cc0efa5a\vbc.exe.config --a---- 221 bytes [20:46 13/07/2009] [21:23 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_14765e50628d5d65\vbc.exe --a---- 1169224 bytes [20:46 13/07/2009] [21:23 10/06/2009] AEEC0405A1C587562275AB20CC6E3521
C:\Windows\winsxs\x86_netfx-vb_compiler_b03f5f7f11d50a3a_6.1.7600.16385_none_14765e50628d5d65\vbc.rsp --a---- 1070 bytes [20:46 13/07/2009] [21:23 10/06/2009] 9EFAD3F3C6ABA20203210B428BDAE7B9
C:\Windows\winsxs\x86_netfx35linq-vbc_exe_config_orcas_31bf3856ad364e35_6.1.7600.16385_none_08da65ebfde7c5d8\vbc.exe.config --a---- 221 bytes [21:10 13/07/2009] [21:14 10/06/2009] 12C8C3F33E65F2F0BFE9D4CC566DCD52
C:\Windows\winsxs\x86_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7600.16385_none_95d8aaba50b43dd9\vbc.exe --a---- 1717560 bytes [21:10 13/07/2009] [21:14 10/06/2009] 5773AA7CF95EE7A3F2FB673C74C70E07
C:\Windows\winsxs\x86_netfx35linq-vb_compiler_orcas_31bf3856ad364e35_6.1.7600.16385_none_95d8aaba50b43dd9\vbc.rsp --a---- 1489 bytes [21:10 13/07/2009] [21:14 10/06/2009] A162FB4CC0A4354BB04A8B6DD4E2AD0B

========== reg ==========

["HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\VSS"]
Hive unrecognized.

["HKU\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run"]
Hive unrecognized.

========== regfind ==========

Searching for "vbc.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"="C:\Users\Sorin\AppData\Local\Temp\vbc.exe"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"="Visual Basic Command Line Compiler"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Diagnostics\Performance\Resolvers]
"SystemBinariesList"="win32k.sys:winlogon.exe:EXPLORER.EXE:CSRSS.Exe:dwm.exe:logon.scr:logonui.exe:lsass.exe:lsm.exe:ntkrpamp.exe:ntoskrnl.exe:RUNDLL32.EXE:services.exe:sppsvc.exe:smss.exe:spoolsv.exe:svchost.exe:taskeng.exe:WinInit.exe:WISPTIS.EXE:dllhost.exe:dllhst3g.exe:cscript.exe:mmc.exe:msiexec.exe:upnpcont.exe:wscript.exe:WUDFHost.exe:dfsvc.exe:dfsvc.exe:fdbs.exe:ntfsbs.exe:memdiag.exe:NETFXSBS10.exe:applaunch.exe:aspnet_compiler.exe:aspnet_regbrowsers.exe:aspnet_regiis.exe:aspnet_regsql.exe:aspnet_state.exe:aspnet_wp.exe:caspol.exe:csc.exe:CVTRES.EXE:dfsvc.exe:dw20.exe:IEExec.exe:ilasm.exe:InstallUtil.exe:jsc.exe:MSBuild.exe:mscorsvw.exe:ngen.exe:RegAsm.exe::RegSvcs.exe:vbc.exe:TrustedInstaller.exe:Aurora.scr:AutoChk.Exe:AUTOFMT.EXE:CHKDSK.EXE:CHKNTFS.EXE:consent.exe:PnPUnattend.exe:PnPutil.exe:RacAgent.exe:fsquirt.exe:Uninst.exe:updateWmc.exe:wmdc.exe:wmdsync.exe:mofcomp.exe:ScrCons.exe:smi2smir.exe:unse
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9871E2DCDBEC5134D95DB9DE1C005E21]
"DFC90B5F2B0FFA63D84FD16F6BF37C4B"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\vbc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9871E2DCDBEC5134D95DB9DE1C005E21\DFC90B5F2B0FFA63D84FD16F6BF37C4B]
"File"="_023_vbc.exe_amd64"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D73E6199BEDE45D4B8F810E0701337BD]
"DFC90B5F2B0FFA63D84FD16F6BF37C4B"="C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D73E6199BEDE45D4B8F810E0701337BD\DFC90B5F2B0FFA63D84FD16F6BF37C4B]
"File"="_023_vbc.exe_x86"
[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"="C:\Users\Sorin\AppData\Local\Temp\vbc.exe"
[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"="Visual Basic Command Line Compiler"
[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"="Visual Basic Command Line Compiler"

-= EOF =-
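The SystemLook log above answers the question the original post raised about VirusTotal: the copy in C:\Users\Sorin\AppData\Local\Temp\vbc.exe has the same size (1169224 bytes) and the same MD5 (AEEC0405A1C587562275AB20CC6E3521) as C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe, so it is the unmodified Microsoft compiler, relocated into a user-writable directory and started from the HKCU Run value that the fixlist in post #5 removed. The MuiCache entry and the Prefetch file VBC.EXE-BBCA0A57.pf show that this copy was actually executed. The following Python is an added example, not code from the thread or from FRST or SystemLook; it parses the two log formats posted above and applies those checks (user-writable launch path, byte-identical twin of a trusted file, execution evidence) to each Run value. The ExampleUpdater value and its path are constructed for contrast and do not appear in the logs.

```python
"""Offline triage of the Run value and file list in the SystemLook log above.
Added example; not code from the thread, FRST or SystemLook. Parses the two
line formats in that log (filefind: "<path> --a---- <size> bytes [...] [...] <MD5>";
regfind: "[<key>]" then "<name>"="<data>") and asks of each Run value: does it
launch from a user-writable directory, and is the target byte-identical (same
MD5 and size) to a file in a trusted system directory?"""
import re
from collections import defaultdict

FILEFIND_RE = re.compile(r"^(?P<path>.+?) [-a-z]{7} (?P<size>\d+) bytes "
                         r"\[[^\]]+\] \[[^\]]+\] (?P<md5>[0-9A-Fa-f]{32})$")
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|bat|cmd|vbs|js))', re.IGNORECASE)
# Directories a standard user cannot write to on a default install.
TRUSTED_PREFIXES = ("c:\\windows\\microsoft.net\\", "c:\\windows\\system32\\",
                    "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\",
                    "c:\\program files\\", "c:\\program files (x86)\\")
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\users\\", "\\programdata\\", "\\temp\\", "\\public\\")

# Lines copied from the SystemLook log posted above, plus one constructed benign
# Run value (ExampleUpdater and its path are made up, for contrast).
FILEFIND_SAMPLE = r"""
C:\Users\Sorin\AppData\Local\Temp\vbc.exe --a---- 1169224 bytes [20:30 31/12/2015] [21:23 10/06/2009] AEEC0405A1C587562275AB20CC6E3521
C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe --a---- 1169224 bytes [20:46 13/07/2009] [21:23 10/06/2009] AEEC0405A1C587562275AB20CC6E3521
C:\Windows\Microsoft.NET\Framework64\v2.0.50727\vbc.exe --a---- 1800504 bytes [20:37 13/07/2009] [20:40 10/06/2009] 69C37A99418378E50BB0979761E2C074
C:\Windows\Prefetch\VBC.EXE-BBCA0A57.pf --a---- 17808 bytes [07:53 30/12/2015] [20:29 31/12/2015] BC6BEEF754770A7BDA851BACBF4C1390
"""
REGFIND_SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"="C:\Users\Sorin\AppData\Local\Temp\vbc.exe"
"ExampleUpdater"=""C:\Program Files (x86)\Example\updater.exe" /quiet"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"="Visual Basic Command Line Compiler"
"""

def is_trusted(path):
    return path.lower().startswith(TRUSTED_PREFIXES)

def is_user_writable(path):
    low = path.lower()
    return not is_trusted(path) and any(m in low for m in USER_WRITABLE_MARKERS)

def parse_filefind(text):
    rows = [FILEFIND_RE.match(ln.strip()) for ln in text.splitlines()]
    return [{"path": m["path"], "size": int(m["size"]), "md5": m["md5"].upper()}
            for m in rows if m]

def parse_regfind(text, key_suffix):
    """(name, data) pairs under keys whose path ends with key_suffix."""
    values, current = [], ""
    for line in text.splitlines():
        k = REG_KEY_RE.match(line.strip())
        if k:
            current = k["key"].lower()
            continue
        v = REG_VALUE_RE.match(line.strip())
        if v and current.endswith(key_suffix.lower()):
            values.append((v["name"], v["data"]))
    return values

def find_relocated_copies(entries):
    """Files outside trusted dirs that are byte-identical to a trusted file."""
    by_hash = defaultdict(list)
    for e in entries:
        by_hash[(e["md5"], e["size"])].append(e["path"])
    findings = []
    for (md5, size), paths in by_hash.items():
        trusted = [p for p in paths if is_trusted(p)]
        if trusted:  # prefer the installed location over a WinSxS servicing copy
            original = min(trusted, key=lambda p: ("\\winsxs\\" in p.lower(), p))
            findings += [{"copy": p, "original": original, "md5": md5, "size": size}
                         for p in paths if not is_trusted(p)]
    return findings

def triage_run_entries(regfind_text, filefind_text):
    """Flag Run values; also note MuiCache/Prefetch evidence that the target ran."""
    entries = parse_filefind(filefind_text)
    copies = {c["copy"].lower(): c for c in find_relocated_copies(entries)}
    mui = {n.lower() for n, _ in parse_regfind(regfind_text, "\\shell\\muicache")}
    prefetched = {e["path"].rsplit("\\", 1)[-1].rsplit("-", 1)[0].lower()
                  for e in entries if e["path"].lower().endswith(".pf")}
    results = []
    for name, command in parse_regfind(regfind_text, "\\currentversion\\run"):
        m = EXE_RE.match(command.strip())
        exe, reasons, ran = (m["exe"] if m else None), [], []
        if exe is None:
            reasons.append("cannot tell what the command launches")
        else:
            if is_user_writable(exe):
                reasons.append("launches from a user-writable directory")
            if exe.lower() in copies:
                hit = copies[exe.lower()]
                reasons.append("byte-identical to %s (MD5 %s)" % (hit["original"], hit["md5"]))
            if exe.lower() in mui:
                ran.append("MuiCache")
            if exe.rsplit("\\", 1)[-1].lower() in prefetched:
                ran.append("Prefetch")
        results.append({"name": name, "exe": exe, "suspicious": bool(reasons),
                        "reasons": reasons, "ran": ran})
    return results

if __name__ == "__main__":
    for r in triage_run_entries(REGFIND_SAMPLE, FILEFIND_SAMPLE):
        print("SUSPICIOUS" if r["suspicious"] else "ok", r["name"], r["exe"], r["reasons"], r["ran"])
```

Run on the sample, the HKCU value is flagged on both counts and shows MuiCache and Prefetch evidence, while the constructed ExampleUpdater value is not flagged. The point for the reader is that a clean VirusTotal verdict on the copied file is expected here: scanning a relocated Microsoft binary tells you nothing about what started it or what is loaded into that process, so the question to pursue is the launcher (the Run value, and the files ComboFix later removed under AppData\Roaming), not the compiler itself.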
Old 01-02-2016, 05:17 PM   #12
chemist

Hello again, BredToMaim. I wasn't suggesting to do a system restore to solve the problem.

I was trying to see if your system restore was working, as no system restore points were showing in your FRST log.

------------------------------------------------------

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Users\Sorin\AppData\Local\Temp\vbc.exe

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
Old 01-03-2016, 01:06 AM   #13
BredToMaim

Virus Total:
https://www.virustotal.com/en/file/6...is/1451810036/

Combofix:

ComboFix 16-01-01.01 - Sorin 01/03/2016 10:41:03.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3071.2013 [GMT 2:00]
Running from: c:\users\Sorin\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\users\Sorin\AppData\Roaming\HostProcess
c:\users\Sorin\AppData\Roaming\Sorinlog.dat
c:\windows\security\logs\scecomp.log
.
.
((((((((((((((((((((((((( Files Created from 2015-12-03 to 2016-01-03 )))))))))))))))))))))))))))))))
.
.
2016-01-03 08:49 . 2016-01-03 08:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-01-02 18:40 . 2016-01-02 18:40 18506432 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2016-01-01 20:18 . 2015-12-16 08:15 11154520 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59852146-05BF-455E-99F7-0EB29C4402C9}\mpengine.dll
2016-01-01 20:15 . 2010-04-09 11:06 1898376 ----a-w- c:\windows\system32\drivers\tcpip.sys
2016-01-01 20:15 . 2010-04-09 11:06 374664 ----a-w- c:\windows\system32\drivers\netio.sys
2015-12-30 07:57 . 2015-12-31 20:32 -------- d-----w- C:\FRST
2015-12-29 22:44 . 2015-12-30 07:53 -------- d-----w- C:\AdwCleaner
2015-12-28 13:04 . 2015-12-28 13:04 -------- d-----w- c:\users\Sorin\AppData\Local\Apps
2015-12-28 13:03 . 2016-01-01 10:59 -------- d-----w- c:\users\Sorin\AppData\Roaming\IrfanView
2015-12-28 13:03 . 2015-12-28 13:03 -------- d-----w- c:\program files\IrfanView
2015-12-25 19:56 . 2015-12-25 19:56 -------- d-----w- c:\users\Sorin\AppData\Roaming\Yahoo!
2015-12-18 15:13 . 2015-12-18 15:13 -------- d-----w- c:\users\Sorin\AppData\Roaming\AVS4YOU
2015-12-18 15:13 . 2015-12-18 15:13 -------- d-----w- c:\programdata\AVS4YOU
2015-12-18 15:11 . 2015-12-18 20:02 -------- d-----w- c:\program files (x86)\AVS4YOU
2015-12-18 15:10 . 2015-12-18 15:11 -------- d-----w- c:\program files (x86)\Common Files\AVSMedia
2015-12-18 15:10 . 2010-05-11 11:17 24576 ----a-w- c:\windows\SysWow64\msxml3a.dll
2015-12-18 15:10 . 2010-05-11 11:17 1700352 ----a-w- c:\windows\SysWow64\GdiPlus.dll
2015-12-18 15:00 . 2015-12-18 15:10 -------- d-----w- c:\users\Sorin\AppData\Roaming\avidemux
2015-12-18 15:00 . 2015-12-18 20:02 -------- d-----w- c:\program files\Avidemux 2.6 - 64 bits
2015-12-18 11:57 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2015-12-18 11:57 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2015-12-18 11:57 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2015-12-18 11:57 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2015-12-18 11:57 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2015-12-18 11:57 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2015-12-18 11:57 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2015-12-18 11:57 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2015-12-18 11:57 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2015-12-18 11:32 . 2010-08-11 05:19 3860992 ----a-w- c:\windows\system32\UIRibbon.dll
2015-12-18 11:32 . 2010-08-11 05:13 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2015-12-18 11:32 . 2010-08-11 04:44 2983424 ----a-w- c:\windows\SysWow64\UIRibbon.dll
2015-12-18 11:32 . 2010-08-11 04:35 1164800 ----a-w- c:\windows\SysWow64\UIRibbonRes.dll
2015-12-18 11:31 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2015-12-18 11:31 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2015-12-18 11:31 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2015-12-18 11:31 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2015-12-18 11:31 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2015-12-18 11:31 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2015-12-18 11:31 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2015-12-18 11:29 . 2015-12-18 13:40 -------- d-----w- c:\users\Sorin\AppData\Local\Windows Live
2015-12-18 11:22 . 2015-12-18 11:22 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2015-12-15 19:56 . 2016-01-01 21:41 -------- d-----w- C:\MSI
2015-12-11 15:51 . 2015-12-11 15:51 -------- d-----w- c:\windows\system32\appmgmt
2015-12-10 20:48 . 2015-12-10 20:48 -------- d-----w- c:\program files (x86)\Common Files\Skype
2015-12-10 20:48 . 2015-12-10 20:48 -------- d-----r- c:\program files (x86)\Skype
2015-12-08 16:53 . 2015-12-15 22:03 -------- d-----w- C:\UsbFix
2015-12-07 13:58 . 2015-12-07 15:48 -------- d-----w- c:\users\Sorin\AppData\Roaming\MP3SkypeRecorder
2015-12-07 13:58 . 2015-12-07 13:58 -------- d-----w- c:\users\Sorin\AppData\Local\Domit_UK_LTD
2015-12-07 13:58 . 2015-12-07 13:58 -------- d-----w- c:\programdata\IsolatedStorage
2015-12-05 12:30 . 2015-12-05 12:30 -------- d-----w- c:\users\Sorin\AppData\Roaming\OpenOffice
2015-12-05 12:29 . 2015-12-05 12:29 -------- d-----w- c:\program files (x86)\OpenOffice 4
2015-12-05 07:23 . 2015-12-05 07:23 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-01-02 18:40 . 2015-11-01 14:59 796864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-01-02 18:40 . 2015-11-01 14:59 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 03:39 . 2015-11-01 15:08 301728 ------w- c:\windows\system32\MpSigStub.exe
2015-11-08 19:04 . 2015-11-08 19:04 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2015-11-08 10:50 . 2015-11-08 10:50 419840 ----a-w- c:\windows\system32\systemcpl.dll
2015-11-08 10:50 . 2009-07-13 23:52 14848 ----a-w- c:\windows\system32\slwga.dll
2015-11-08 10:50 . 2009-07-13 23:36 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2015-10-13 19:00 . 2015-11-13 08:15 944304 ----a-w- c:\windows\system32\NvIFR64.dll
2015-10-13 19:00 . 2015-11-13 08:15 907440 ----a-w- c:\windows\SysWow64\NvIFR.dll
2015-10-13 19:00 . 2015-11-13 08:15 903472 ----a-w- c:\windows\system32\NvFBC64.dll
2015-10-13 19:00 . 2015-11-13 08:15 869040 ----a-w- c:\windows\SysWow64\NvFBC.dll
2015-10-13 19:00 . 2015-11-13 08:15 31514288 ----a-w- c:\windows\system32\nvoglv64.dll
2015-10-13 19:00 . 2015-11-13 08:15 24199344 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2015-10-13 19:00 . 2015-11-13 08:15 1556656 ----a-w- c:\windows\system32\nvdispgenco6434192.dll
2015-10-13 19:00 . 2015-11-13 08:15 13916600 ----a-w- c:\windows\system32\nvopencl.dll
2015-10-13 19:00 . 2015-11-13 08:15 12898992 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2015-10-13 19:00 . 2015-11-13 08:15 11272048 ----a-w- c:\windows\SysWow64\nvopencl.dll
2015-10-13 19:00 . 2015-11-13 08:15 4245624 ----a-w- c:\windows\system32\nvcuvid.dll
2015-10-13 19:00 . 2015-11-13 08:15 3986608 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2015-10-13 19:00 . 2015-11-13 08:15 1908528 ----a-w- c:\windows\system32\nvdispco6434192.dll
2015-10-13 19:00 . 2015-11-13 08:15 17559432 ----a-w- c:\windows\system32\nvd3dumx.dll
2015-10-13 19:00 . 2015-11-13 08:15 14497568 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2015-10-13 19:00 . 2015-11-13 08:15 13828224 ----a-w- c:\windows\system32\nvcuda.dll
2015-10-13 19:00 . 2015-11-13 08:15 11209376 ----a-w- c:\windows\SysWow64\nvcuda.dll
2015-10-13 19:00 . 2015-11-13 08:15 2823992 ----a-w- c:\windows\SysWow64\nvapi.dll
2015-10-13 19:00 . 2015-11-13 08:15 22993200 ----a-w- c:\windows\system32\nvcompiler.dll
2015-10-13 19:00 . 2015-11-13 08:15 15293104 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2015-10-13 19:00 . 2015-11-01 17:23 1756424 ----a-w- c:\windows\system32\nvspbridge64.dll
2015-10-13 19:00 . 2015-11-01 17:23 1514528 ----a-w- c:\windows\system32\nvspcap64.dll
2015-10-13 19:00 . 2015-11-01 17:23 1316184 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2015-10-13 19:00 . 2015-11-01 17:23 1278920 ----a-w- c:\windows\SysWow64\nvspcap.dll
2015-10-13 19:00 . 2015-11-01 14:41 74032 ----a-w- c:\windows\system32\OpenCL.dll
2015-10-13 19:00 . 2015-11-01 14:41 59568 ----a-w- c:\windows\SysWow64\OpenCL.dll
2015-10-13 19:00 . 2015-11-01 14:37 18634072 ----a-w- c:\windows\system32\nvwgf2umx.dll
2015-10-13 19:00 . 2015-11-01 14:37 16128576 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2015-10-13 19:00 . 2015-11-01 14:37 3209920 ----a-w- c:\windows\system32\nvapi64.dll
2015-10-13 17:26 . 2015-11-01 14:42 6783280 ----a-w- c:\windows\system32\nvcpl.dll
2015-10-13 17:26 . 2015-11-01 14:42 3522168 ----a-w- c:\windows\system32\nvsvc64.dll
2015-10-13 17:26 . 2015-11-01 14:42 933168 ----a-w- c:\windows\system32\nvvsvc.exe
2015-10-13 17:26 . 2015-11-01 14:42 62584 ----a-w- c:\windows\system32\nvshext.dll
2015-10-13 17:26 . 2015-11-01 14:42 384176 ----a-w- c:\windows\system32\nvmctray.dll
2015-10-13 17:26 . 2015-11-01 14:42 2557616 ----a-w- c:\windows\system32\nvsvcr.dll
2015-10-13 16:19 . 2015-11-01 14:42 5972783 ----a-w- c:\windows\system32\nvcoproc.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-19 170624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe;c:\program files\BitComet\tools\BitCometService.exe [x]
R3 Origin Client Service;Origin Client Service;d:\2sorin\ORIGIN\OriginClientService.exe;d:\2sorin\ORIGIN\OriginClientService.exe [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - NisDrv
.
Contents of the 'Scheduled Tasks' folder
.
2016-01-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-01 18:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-10-13 2585744]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-15 8114720]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 193.231.252.1 213.154.124.1 192.168.1.1
FF - ProfilePath - c:\users\Sorin\AppData\Roaming\Mozilla\Firefox\Profiles\tsjwg740.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_20_0_0_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.20"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_20_0_0_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-01-03 10:58:03
ComboFix-quarantined-files.txt 2016-01-03 08:58
.
Pre-Run: 9,362,587,648 bytes free
Post-Run: 9,232,818,176 bytes free
.
- - End Of File - - CFD5ECDDD0A456B8CB7CEBA2067DE725
A36C5E4F47E84449FF07ED3517B43A31
BredToMaim is offline  
Old 01-03-2016, 07:12 AM   #14
Registered Member
BredToMaim
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64

It looks like the command prompt from startup is gone, along with the file. I believe this is since ComboFix.

I booted the PC up several times today and I'm sure the command prompt is gone. The startup is still slower than I would like it to be (over 10 seconds of the "Starting Windows" screen and ~30-40 seconds of the startup itself, when the drivers and antivirus load up), but at least, hopefully, it's not because of a virus anymore. I saw there is a thread on this forum that can help me with that too, but I also can't ask much from this >5-year-old laptop.

I will perform a full scan with MS Essentials. A few days ago I only scanned the C drive and let it clean it.

Other than this, what else should I do to know the machine is clean?
BredToMaim is offline  
Old 01-03-2016, 01:03 PM   #15
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
chemist
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Hello again, BredToMaim. Glad to hear it. Just a few more things before we are done.

------------------------------------------------------

Open Notepad and copy/paste the entire contents of the codebox below into Notepad (don't forget to copy and paste REGEDIT4):

Code:
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=-

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-

Save the file as fix.reg, choose Save as type: All Files, then close the Notepad file.
It should look like this:

Double-click on fix.reg and choose Yes to merge/add it to the registry. Please delete the file afterwards.

------------------------------------------------------

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Double-click mbam-setup-2.2.0.1024.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish
  • At the end of the installation, a database update will be performed.
  • Click on Scan Now
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
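The fix.reg above uses REGEDIT4 syntax, where `"name"=-` deletes a value and `[-Key]` deletes a whole key. The parser below is an added example, not code from the thread or from ComboFix: it reads the same fix text (copied from the post) and reports which entries remove an autostart (Run key) entry and which only clear MuiCache traces of a program that was run from a Temp folder; the helper names, STARTUP_KEYS and TEMP_DIRS are this example's own assumptions.

```python
import re

# Constructed copy of the fix.reg from the post above (REGEDIT4 syntax:
# "name"=- deletes a value, [-Key] deletes a whole key, "name"="text" sets a string).
FIX_REG = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=-

[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"HKCU"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-

[HKEY_USERS\S-1-5-21-1447509174-3196938644-3819331294-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Sorin\AppData\Local\Temp\vbc.exe"=-
'''

# Assumed suffixes of autostart keys and of user-writable temp folders (hypothetical names).
STARTUP_KEYS = ("\\CurrentVersion\\Run", "\\CurrentVersion\\RunOnce")
TEMP_DIRS = ("\\AppData\\Local\\Temp\\", "\\Windows\\Temp\\")

def _unescape(s):
    # .reg quoted strings escape a double quote and a backslash with a backslash
    return s.replace('\\"', '"').replace("\\\\", "\\")

def parse_reg(text):
    """Turn REGEDIT4 text into a list of {"key", "name", "action", "data"} operations."""
    lines = text.splitlines()
    if not lines or lines[0].strip() != "REGEDIT4":
        raise ValueError("missing REGEDIT4 header")
    ops, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):  # key header
            body = line[1:-1]
            if body.startswith("-"):                       # [-Key] deletes the key
                ops.append({"key": body[1:], "name": None, "action": "delete_key", "data": None})
                key = None
            else:
                key = body
            continue
        if key is None:
            raise ValueError(f"value outside any key: {line}")
        m = re.match(r'^(@|"((?:[^"\\]|\\.)*)")=(.*)$', line)
        if not m:
            raise ValueError(f"unparseable line: {line}")
        name = "" if m.group(1) == "@" else _unescape(m.group(2))   # @ is the default value
        rhs = m.group(3)
        if rhs == "-":                                     # "name"=- deletes the value
            ops.append({"key": key, "name": name, "action": "delete_value", "data": None})
        elif len(rhs) >= 2 and rhs.startswith('"') and rhs.endswith('"'):
            ops.append({"key": key, "name": name, "action": "set_string", "data": _unescape(rhs[1:-1])})
        elif rhs.startswith("dword:"):
            ops.append({"key": key, "name": name, "action": "set_dword", "data": int(rhs[6:], 16)})
        else:
            raise ValueError(f"unsupported data: {rhs}")
    return ops

def classify(op):
    """Tag an operation: 'startup' if it touches an autostart Run key, 'temp_trace' if the
    value name is a path under a temp folder (MuiCache only caches names of programs that
    were run, so those entries are traces of vbc.exe, not the persistence itself)."""
    tags = []
    if op["key"].endswith(STARTUP_KEYS):
        tags.append("startup")
    if op["name"] and any(t.lower() in op["name"].lower() for t in TEMP_DIRS):
        tags.append("temp_trace")
    return tags
```

Running `classify` over `parse_reg(FIX_REG)` shows that only the two Run-key deletions remove a loading point; the three MuiCache deletions just tidy up the cached name of the Temp executable.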
Old 01-04-2016, 03:04 AM   #16
Registered Member
BredToMaim
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/4/2016
Scan Time: 10:17 AM
Logfile: scan mal 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.04.01
Rootkit Database: v2015.12.26.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7
CPU: x64
File System: NTFS
User: Sorin

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 340803
Time Elapsed: 13 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

--------------------------------------------
ESET:
C:\UsbFix\Quarantine\C\Windows\SysWOW64\update.exe.vir a variant of MSIL/Injector.BFX trojan
D:\1TORRENTE\CCleaner 4.08.4428 Pro+Business Edition+Crack - P2P\ccsetup408.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\1TORRENTE\DAEMON Tools Pro Advanced v5.1.0.0333 FiNaL Incl [email protected]\DAEMONToolsPro510-0333.exe Win32/OpenCandy potentially unsafe application
E:\01SORIN\old games\Monkey Island 1 and 2\AUTORUN.INF INF/Autorun.gen worm

The ESET scan showed some of my old file-sharing files. All three of them are years old; I keep them on the local disk so that I wouldn't need to download them again and take the risk again. I am aware of their possible threat and I appreciate that this forum doesn't pass judgements.
BredToMaim is offline  
Old 01-04-2016, 07:25 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
chemist
Microsoft Most Valuable Professional
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10

Unfortunately, this forum does pass judgement.

Quote:
D:\1TORRENTE\CCleaner 4.08.4428 Pro+Business Edition+Crack - P2P\ccsetup408.exe
D:\1TORRENTE\DAEMON Tools Pro Advanced v5.1.0.0333 FiNaL Incl Crack[email protected]\DAEMONToolsPro510-0333.exe
This is one reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

CCleaner
DAEMON Tools Pro


------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 01-04-2016, 07:52 AM   #18
Registered Member
BredToMaim
Join Date: Dec 2015
Posts: 11
OS: Win 7 Ultimate x64

I apologize for not thoroughly reading the rules. I did read them, but I wasn't thorough in it. I was just seeking some advised solutions for my problem before reinstalling my OS.

Also sorry for misunderstanding you when you said "We are not here to pass judgment on file-sharing as a concept." It was about the concept itself, not my situation.

I guess the command prompt issue is fixed, and I have to clean my computer of any bad software that is still there.

If my behavior should result in getting banned from this forum, I won't complain.

Thanks again for the help.
BredToMaim is offline  